Exploitation Summary
EIP tracks 2 public exploits for CVE-2009-4724. PoCs published by MizoZ, ZoRLu.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in PPScript by providing crafted URLs that manipulate the 'cid' parameter to extract database information such as user, version, and database name.
Description
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Exploits (2)
This exploit demonstrates an SQL injection vulnerability in PPScript by providing crafted URLs that manipulate the 'cid' parameter to extract database information such as user, version, and database name.
This exploit demonstrates SQL injection vulnerabilities in PaymentProcessorScript.net, allowing attackers to extract database information (user, version, database name) via UNION-based SQLi and perform boolean-based blind SQLi.